Malware, short for “malicious software,” is software that can be used to disrupt computer operations, damage data, gather sensitive information, or gain access to private computer systems without the user's knowledge or consent. Examples of such malware include software viruses, trojan horses, rootkits, ransomware, etc. A common mechanism used by malware developers is to embed the malware into a file that is made to appear desirable to a user, or that is downloaded and executed when the user visits a web site. For example, malware may be embedded into a software application that appears legitimate and useful. The user downloads the file, and when the file is opened, the malware within the file is executed. A file that contains malware can be referred to as a malicious file.
Detection of malware in order to protect computing devices is of major concern. Recently, there have been many attempts to improve malware detection. One such attempt involves a script identification technology. Scripts are programs or sequences of instructions generally developed to control and operate various applications, such as web browsers, but they may also serve as malware creators. Scripts have become attractive to malware authors as a way to introduce malware into a system. For example, a malware author can develop a script to perform a web redirection to a malicious web site, execute a downloader that downloads malicious software, set up an exploit, or provide the exploit itself. Malware developers often use obfuscation techniques to hide well-known malicious functionality. The obfuscation can be a key aspect of polymorphism, where, for example, every single instance of the script might be different in some way while performing the same malicious function. As a result, it can be difficult for a malware detector to detect all versions of malicious scripts. Accordingly, a need exists for a method and system for detecting malicious scripts and improving computing performance through malware detection and removal.